diff --git a/lib/core/dicts.py b/lib/core/dicts.py index b6a0ea2ba..47e316e87 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -223,6 +223,7 @@ DEPRECATED_OPTIONS = { "--replicate": "use '--dump-format=SQLITE' instead", "--no-unescape": "use '--no-escape' instead", "--binary": "use '--binary-fields' instead", + "--auth-private": "use '--auth-file' instead", "--check-payload": None, "--check-waf": None, } diff --git a/lib/core/option.py b/lib/core/option.py index 99c716032..d73b512bc 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1264,13 +1264,13 @@ def _setHTTPAuthentication(): global authHandler - if not conf.authType and not conf.authCred and not conf.authPrivate: + if not conf.authType and not conf.authCred and not conf.authFile: return - if conf.authPrivate and not conf.authType: + if conf.authFile and not conf.authType: conf.authType = AUTH_TYPE.PKI - elif conf.authType and not conf.authCred and not conf.authPrivate: + elif conf.authType and not conf.authCred and not conf.authFile: errMsg = "you specified the HTTP authentication type, but " errMsg += "did not provide the credentials" raise SqlmapSyntaxException(errMsg) @@ -1285,7 +1285,7 @@ def _setHTTPAuthentication(): errMsg += "Basic, Digest, NTLM or PKI" raise SqlmapSyntaxException(errMsg) - if not conf.authPrivate: + if not conf.authFile: debugMsg = "setting the HTTP authentication type and credentials" logger.debug(debugMsg) @@ -1336,7 +1336,7 @@ def _setHTTPAuthentication(): debugMsg = "setting the HTTP(s) authentication PEM private key" logger.debug(debugMsg) - _ = safeExpandUser(conf.authPrivate) + _ = safeExpandUser(conf.authFile) checkFile(_) authHandler = HTTPSPKIAuthHandler(_) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 3ff1ded01..257f86eb0 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -37,7 +37,7 @@ optDict = { "headers": "string", "authType": "string", "authCred": "string", - "authPrivate": "string", + "authFile": "string", "proxy": "string", "proxyCred": "string", "proxyFile": "string", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 4eebceb2c..b801bab95 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -144,8 +144,8 @@ def cmdLineParser(argv=None): help="HTTP authentication credentials " "(name:password)") - request.add_option("--auth-private", dest="authPrivate", - help="HTTP authentication PEM private key file") + request.add_option("--auth-file", dest="authFile", + help="HTTP authentication PEM cert/private key file") request.add_option("--ignore-401", dest="ignore401", action="store_true", help="Ignore HTTP Error 401 (Unauthorized)") diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py index ea3aa7aad..2f0c31dba 100644 --- a/lib/request/pkihandler.py +++ b/lib/request/pkihandler.py @@ -11,12 +11,13 @@ import urllib2 from lib.core.data import conf class HTTPSPKIAuthHandler(urllib2.HTTPSHandler): - def __init__(self, key_file): + def __init__(self, auth_file): urllib2.HTTPSHandler.__init__(self) - self.key_file = key_file + self.auth_file = auth_file def https_open(self, req): return self.do_open(self.getConnection, req) def getConnection(self, host, timeout=None): - return httplib.HTTPSConnection(host, key_file=self.key_file, timeout=conf.timeout) + # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain + return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout) diff --git a/sqlmap.conf b/sqlmap.conf index c18159375..2bcd15f1d 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -93,10 +93,10 @@ authType = # Syntax: username:password authCred = -# HTTP Authentication PEM private key. Useful only if the target URL requires +# HTTP Authentication PEM private/cert key file. Useful only if the target URL requires # PKI authentication and you have such data. # Syntax: key_file -authPrivate = +authFile = # Use a proxy to connect to the target URL. # Syntax: (http|https|socks4|socks5)://address:port